Presentation is loading. Please wait.

Presentation is loading. Please wait.

MVHS Career Night 2015 Information Security. Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips.

Published byWendy Harrell Modified over 8 years ago

Similar presentations

Presentation on theme: "MVHS Career Night 2015 Information Security. Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips."— Presentation transcript:

1 MVHS Career Night 2015 Information Security

2 Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips

3 What a person wants in life Money Fame Nirvana We will talk about first 2

4 How to be wealthy ? Have Rich Parents Marry a Rich Spouse Win the Lottery Become a Successful Black Hat Hacker (Live life underground) Work as a White Hat (this presentation) YOU WILL MAKE YOUR OWN CAREER! Others may help, but it’s ALL ON YOU!

5 Do I have your attention now.

6 Why Information Security? Increasing regulatory compliance Requires organizations to adopt security standards and frameworks for long-term approach to mitigating risk Evolving and emerging threats and attacks Continual learning of new skills and techniques Convergence of physical and information security Accountability between information security professionals and management falls on several key executives to manage growing risk exposures

7 What Is Information? Information is collection of useful DATA. Information could be – Your personal details – Your corporate details. – Future plan’s

8 What is Information Security? 1) Access Controls 2) Telecommunications and Network Security 3) Information Security and Risk Management 4) Application Security 5) Cryptography 6) Security Architecture and Design 7) Operations Security 8) Business Continuity and Disaster Recovery Planning 9) Legal, Regulations, Compliance and Investigations 10) Physical (Environmental) Security

9 What Next

10 Explore : – Industry Standard Knowledge – nothing beats core concept understanding Certification – helps in proving your exposure as fresher.

11 Explore : Types of Info-Sec jobs Ethical Hacker – Vulnerability Assessment – Penetration Tester Forensic Investigator Security Governance – Auditor Security Administrator Secure Developer

12 Explore : Type of certification Security Analyst – CEH, ECSA, OSCP Development – SCJP, MCSE Server Security – RHCSS Auditor – ISO 27000 lead auditor

13 Clarify : Information Security

14 keep the bad guys out let the trusted guys in give trusted guys access to what they are authorized to access

15 Clarify : Security Triad

16 Security Triad

17 Clarify : Secure Developer A Developer who is aware about security issues. Developers now are classified In 3 major category – Thick Client Developer – Thin Client Developer. – Kernel or driver developer. If you can exploit it you need to patch it.

18 Clarify : Security Administrator Server Administrator with background into Security. Skills Required – Server Hardening. – Firewall configuration.

19 Clarify : Vulnerability Assessment It is the process of finding possible exploitable situation in a given target. Target could be Desktop/ Laptop, Network, Web Application, literally any device with a processor and motive to achieve Skill Set – understanding of target architecture. – Eye for details and thinking of an exploiter. – (Optional) Programming for nessus plugin.

20 Clarify : Penetration Testing Next Step to vulnerability assessment. Here the target is actually evaluated against a live attack. Skills Required: – Programming : C / C++, Python, Perl, Ruby – Understanding of an exploitation framework. Metasploit Core impact

21 Clarify : Forensic Expert The post – mortem specialist for IT Responsible for after incident evaluation of a target. Skills – All that’s needed for VA/PT. – Understanding of forensic concepts not limited to data recovery, log evaluation etc.

22 Clarify : Auditor Reviews the systems and networks and related security policies with regards to Industrial standards. Skills Required – Understanding of compliance policies HIPPA, ISO 27001, PCI DSS, SOX and many more. – Understanding of ethical hacking concepts and application.

23 Commit : How to gain Knowledge Spend first few years mastering fundamentals Get involved in as many systems, apps, platforms, languages, etc. as you can Key technologies and areas Relevant security experience Compliance/regulatory/risk management Encryption Firewalls Policy IDS/IPS Programming and scripting

24 Commit : Technical Skills Required LEARN the Operating System LEARN the Coding Language LEARN Assembler & Shell Coding Learn Metasploit Learn Nessus Learn Writing exploit for Metasploit Learn writing scanning plug-in for Nessus.

25 Commit : Soft Skills Required Learn Presentation skills. Learn business language. Management likes to hear that.

26 Commit : how to gain certificate Attend Training Learn, understand and apply the concepts in a controlled environment. Take exam when you have confidence.

27 Commit : how to practice Set up a lab at home. – Physical Lab (best) – Virtual Lab (second Best) Keep yourself updated subscribe to Vulnerability DB. – Practice regularly on a secured home lab.

28 Commit : First job Lower rungs of the tech ladder Unpaid Overtime is Expected When offered company training – take it Expect to make Mistakes – Learn from them

29 THINGS TO REMEMBER

30 Things to Remember Learn to Question Everything. Keep yourself up-to-date. Be expert in one field however, security specialist are more on advantage if they develop generalist skills. Security is extension of business needs and should support it. Form group of like minded people.

31 HACKER GOT HACKED Keep your system and network secure first. Avoid publicizing about being “HACKER” till you have practiced enough and feel confident. Self proclaimers are not seen with good eyes in security communities. Your work should speak and not your mouth.

32 Work and personal Life

33 CERTIFICATIONS

34 Why Certification is good Nothing beats the first hand Job Exposure. However When you hit roadblock, certifications helps

35 More on Certification Passing a Certification exam says that: – You have the minimum knowledge to be considered for certification (at the time of the test) OR – You are very good at taking tests.

36 Industry Certifications EC-Council – CEH, ECSA, CHFI,ECSP and More ISC 2 – CISSP Offensive Security – OSCP ISACA – CISA and CISM

37

38 Any Questions

Download ppt "MVHS Career Night 2015 Information Security. Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
CISSP Seeks CIPP Object: Mutual Compliance Marriage of Privacy and Security Professionals Under HIPAA David B. Nelson, CISSP Yolo County Woodland, California.

CISSP Seeks CIPP Object: Mutual Compliance Marriage of Privacy and Security Professionals Under HIPAA David B. Nelson, CISSP Yolo County Woodland, California.
Reasons to Become CISSP Certified Keith A. Watson, CISSP CERIAS.

Reasons to Become CISSP Certified Keith A. Watson, CISSP CERIAS.
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Security and Personnel

Security and Personnel
Computer Security and Penetration Testing

Computer Security and Penetration Testing
UMBC TRAINING CENTERS © 2010, Paladin Group, LLC Certified Information System Security Professional (CISSP)

UMBC TRAINING CENTERS © 2010, Paladin Group, LLC Certified Information System Security Professional (CISSP)
Security Controls – What Works

Security Controls – What Works
Shad Malloy CAaNES, LLC.

Shad Malloy CAaNES, LLC.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.

Secure Software Development Security Operations Chapter 9 Rasool Jalili & M.S. Dousti Dept. of Computer Engineering Fall 2010.
Security Certification

Security Certification
Selling the MTA Sales Academy Brent Johnson – Oct 17, 2012.

Selling the MTA Sales Academy Brent Johnson – Oct 17, 2012.
Certified Information System Security Professional (CISSP)

Certified Information System Security Professional (CISSP)
The Business of Penetration Testing

The Business of Penetration Testing
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Course ILT Course Code CSN 208 Network Security. Course ILT Course Description This course provides an in-depth study of network security issues, standards,

Course ILT Course Code CSN 208 Network Security. Course ILT Course Description This course provides an in-depth study of network security issues, standards,
Information Security Update CTC 18 March 2015 Julianne Tolson.

Information Security Update CTC 18 March 2015 Julianne Tolson.

Similar presentations

Ads by Google